1.6 Systems Security

Malware

A program that is designed to cause some form of harm to a computer or network. Examples include viruses, worms and trojans.

Phishing

Emails that masquerade (pretend) as if they are from a legitimate source but are actually from fraudsters. The aim is to steal money, log in details or identities.

People

These are the biggest threat to systems. Poor training or human error tend to create the weakest points. Criminals have engineered methods of taking advantage.

Brute force

Attempting to gain unauthorised access by testing combinations of different passwords. Could use a dictionary of commonly used passwords or try every possible key combination.

Denial of Service (DoS) attacks

Preventing legitimate access to a web server by bombarding it with traffic. There is a limit to how many connections a server can maintain at any time. Too much traffic will cause the server to become very slow or crash. The same can happen to email accounts: an email address is peppered with emails until the mailbox becomes full and will not accept any more.

Data interception and theft

Combination of different methods to gain unauthorised access to data. Includes packet sniffing (intercepting and looking at the data inside data packets), shouldering (looking over someone's shoulder to see what they type), using someone's computer if they have accidentally remained logged in and going through paper documents (often in the bins).

SQL injection

Many web sites rely on databases to hold information (such as customer records). These can be created, searched and accessed using SQL. Some poorly written or protected web sites can allow people to alter legitimate SQL statements or add in their own SQL statements. Such methods could allow someone to trick the server into believing the username and password they have entered is correct or gain access to data that should be hidden and protected.

Poor network policy

Some vulnerabilities can be due to poor planning, poorly written code, lack of staff training, lack of staff guidelines or insufficient security measures.

Virus

A piece of malware that attaches itself to a program or file. Cannot affect a computer unless the infected file is executed. Damage caused could be anything from annoying to deleting system files.

Worm

A piece of malware that can travel without human interaction and make copies of itself. One common example is when an email account is compromised and the worm then sends itself to everyone in that account's address book, and so on.

Trojan

A piece of malware that pretends to be a legitimate bit of software but once installed does something different. What they do could vary from making annoying changes, deleting files to opening a backdoor to allow malicious users access.

Penetration testing

Used to identify weaknesses in a system. Tasks can include identifying possible target areas, looking for possible entry points, attempting to break in and seeing how much damage different user levels could cause.

Network forensics

Captures, stores and analyses data about the network. The information can identify normal patterns and trends. When something occurs that does not fit the normal, it can hopefully be identified and stopped before it causes damage. Can also be used to identify data leaks and communications.

Anti-malware software

Software that helps to protect computer systems by preventing harmful programs being installed, preventing important files being altered or deleted and detecting and removing or cleaning infected files. Must be up-to-date to be effective.

Firewalls

Software designed to prevent unauthorised access to or from a network or computer. All communication will be examined to see if it meets specific criteria (where it is from, type of data, where it is going, etc.) and will be blocked if it does not.

User access levels

Scaling the authorised access to files, folders and disks. The idea is to only allow users access to areas that they need in order to carry out their role. Access to files could be denied (hidden), read-only (cannot make changes), write-only (can add to but not see other data) and read and write.

Usernames and passwords

One of the easiest and most effective ways of ensuring only authorised people have access to systems. Combining these two pieces of data means the system knows who is logged in and is reasonably sure it is actually them. Combined with other measures, such as locking the account after a number of failed attempts and access levels, a system can become secure very quickly.

Encryption

Using a cipher, or key, to 'scramble' the original data so that it becomes unintelligible. Means that if data is stolen, it cannot be misused. HTTPS does this to data so that personal details cannot be found if intercepted.